SharePoint Stuff

Microsoft Cloud App Security (MCAS) Q&A

Q: How quick can the MACS log collector ingest data
A 50GB\hr, main limitations are bandwidth and processing can be overcome by increasing the compute\bandwidth\adding more collectors
Q: What happens is the MCAS log collector can’t process the data quick enough
A: Data is dropped (DD to confirm), adding more collectors are recommended
Q: Do you need a MCAS log collector per device
A: no can use the same one
Q: Can I add more MCAS log collectors
A: Yes (DD to confirm if they can be load balanced, I think they can but couldn’t find an article
Q: What do I need to do to protect my end users when using the MCAS Proxy
A: Need devices to be Azure AD Joined, as it uses conditional access
Q: Does the MCAS proxy work with non-Windows 10 devices
A: Yes using conditional access from MDM for macOS, Android and iOS – Windows 8.1 or below TBC
Q: If the details of a cloud vendor is in correct how can these be updated
A: Microsoft Support Request from the portal
Q: Do you need to license every user for MCAS to view the activity
A: Not for proxy\firewall logs
Q: Do you need to licenses every user for MCAS is you need to control access using the proxy
A: Yes
Q: Can we create our own application and vendor classification
A: TBC
Q: Can we integrate MCAS with a SIEM
A: Yes
Q: Can we integrate MCAS and ATP (Defender and Office 365) together
A: TBC
Q: Can we integrate AIP with MAS
A: Yes

Luke Smith

I’ve been working with Microsoft Technologies for over 20 years, my main focus now being Microsoft Online Services. I manage the Cloud Services at ElysianIT Limited and as a P-SELLER at Microsoft. I have worked with many organisations from SMC to Enterprise.
I’ve been working with Microsoft Technologies since DOS 5.0, to date I have been working on Microsoft’s latest cloud technology Windows Azure, Windows 10 Office 365 and Microsoft SharePoint